1 min read

US Homeland Security Wants Subpoena Power to Get Data from ISPs about Vulnerable Systems

Silviu STAHIE

October 11, 2019

Promo Protect all your devices, without slowing them down.
Free 30-day trial
US Homeland Security Wants Subpoena Power to Get Data from ISPs about Vulnerable Systems

The US Cybersecurity and Infrastructure Security Agency (CISA), in charge of leading national cybersecurity and infrastructure resilience programs, wants a change to federal law that would allow it to inspect systems behind ISPs and notify them to fix problems.

The Department of Homeland Security, which oversees CISA, wants to learn about vulnerable systems before they become a security problem. But it still needs to go through the local federal agency to obtain a subpoena that can be used to oblige ISPs to provide data regarding their customers. Federal agencies won’t serve a subpoena unless an investigation is ongoing.

CISA, established a year ago, is obliged by law to warn owners of vulnerable systems, particularly for public utilities and other vital infrastructure. In theory, Homeland Security is only looking to enforce its mandate, but broadening the scope and powers of the agency would raise questions regarding the intrusion of the federal government into the private sector.

If CISA’s request is approved, the agency would be able to demand any information from ISPs related to any company or private individual. The problem is that IP and MAC addresses, along with other identifying characteristics, are not an absolute indication of who’s using a particular endpoint.

According to a TechCrunch report, a proposal to this effect was already submitted to Congress. “The proposal would ensure that businesses would take action if the advisory came directly from the government. The agency is working with lawmakers to prevent any overreach or potential abuse of the authority,” explained a CISA official speaking with TechCrunch.

As it stands, federal agencies can issues subpoenas in the course of a national security investigation without going through a court. CISA’s new-found powers would be even more encompassing, and it wouldn’t be all that surprising if other law enforcement agencies make the same requests.

tags


Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like

Bookmarks


loader